Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/edaeb5-5e6e-411b-99cb-3c50180780b0/1/rJccof-g9kQwALknSx5mhOINLus.roa
File: rJccof-g9kQwALknSx5mhOINLus.roa (raw, json)
Hash identifier: 2HYc0PI0z+Afk3xVwYf2vuPKzvGDW7hk9A6PenFMcLM=
Subject key identifier: AC:97:1C:A1:FF:A0:F6:44:30:00:B9:27:4B:1E:66:84:E2:0D:2E:EB
Certificate issuer: /CN=0c4579a4028829d37acac65f66c056063251e57e
Certificate serial: 018EB54BE681D2411A8C8D8DA42B174A4814
Authority key identifier: 0C:45:79:A4:02:88:29:D3:7A:CA:C6:5F:66:C0:56:06:32:51:E5:7E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/DEV5pAKIKdN6ysZfZsBWBjJR5X4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/edaeb5-5e6e-411b-99cb-3c50180780b0/1/rJccof-g9kQwALknSx5mhOINLus.roa
Signing time: Sat 06 Apr 2024 21:23:54 +0000
ROA not before: Sat 06 Apr 2024 21:23:54 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 6424
IP address blocks: 82.215.71.0/24 maxlen: 24
193.109.186.0/24 maxlen: 24
2001:b18::/32 maxlen: 48
2001:b18:1031::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:b5:4b:e6:81:d2:41:1a:8c:8d:8d:a4:2b:17:4a:48:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0c4579a4028829d37acac65f66c056063251e57e
Validity
Not Before: Apr 6 21:23:54 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ac971ca1ffa0f6443000b9274b1e6684e20d2eeb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:f5:2d:b2:22:31:d3:09:cc:1c:6c:2f:30:06:
fd:71:46:69:35:88:3a:b1:aa:bc:fa:5f:52:6c:79:
86:96:da:a8:9c:9f:8e:9f:f8:2e:08:eb:70:cd:fc:
97:e9:03:ec:83:a4:cf:24:95:d2:9c:9b:85:25:fe:
99:00:d3:ef:be:9e:53:5a:59:7c:62:78:d4:6f:9a:
58:49:29:aa:93:36:cc:9a:13:45:bd:ad:3d:f6:05:
55:07:c1:9e:2f:e0:9d:30:90:0c:41:4a:20:d3:80:
f7:97:91:ab:74:e1:e7:83:fe:de:1e:d2:37:bf:30:
11:57:11:fb:9c:40:37:c3:1e:64:b2:0b:91:0e:dd:
5c:c7:53:95:f8:f9:87:32:7c:9c:2d:8f:a0:63:d1:
87:07:d7:1a:26:05:0a:f7:40:5b:0e:91:8d:98:61:
59:09:eb:39:5b:9b:af:21:1e:3d:b7:8f:87:47:4a:
e5:c9:83:95:c6:83:82:2f:e0:e4:50:0a:11:92:d6:
77:21:d3:f6:56:46:ed:15:3b:9c:d9:09:b9:91:3a:
83:19:6b:59:53:47:47:5f:e8:61:4f:f1:19:8e:01:
77:7a:07:ea:ae:20:e4:54:f2:12:d1:18:d7:ed:3e:
79:42:09:7e:30:43:9f:70:81:5d:40:55:80:88:a3:
67:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:97:1C:A1:FF:A0:F6:44:30:00:B9:27:4B:1E:66:84:E2:0D:2E:EB
X509v3 Authority Key Identifier:
keyid:0C:45:79:A4:02:88:29:D3:7A:CA:C6:5F:66:C0:56:06:32:51:E5:7E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DEV5pAKIKdN6ysZfZsBWBjJR5X4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/edaeb5-5e6e-411b-99cb-3c50180780b0/1/rJccof-g9kQwALknSx5mhOINLus.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/edaeb5-5e6e-411b-99cb-3c50180780b0/1/DEV5pAKIKdN6ysZfZsBWBjJR5X4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.215.71.0/24
193.109.186.0/24
IPv6:
2001:b18::/32
Signature Algorithm: sha256WithRSAEncryption
76:c1:9b:0e:3b:fa:a8:f8:d8:a2:4d:07:2b:0f:65:4e:7b:e6:
fe:f6:ba:9a:17:63:14:2f:b2:c5:e4:95:82:ee:cb:8d:7b:82:
14:d5:29:f9:8b:36:76:c5:e7:12:32:29:de:51:15:ec:b7:b7:
50:93:aa:e4:14:8c:19:f8:0b:74:fb:f1:7e:8b:38:b1:c1:9b:
f8:dd:00:c2:9b:f6:f4:4e:6f:7a:a2:b6:7d:ba:c7:40:f4:3e:
19:93:fd:04:6d:d9:6a:b7:22:55:1e:63:b3:35:97:08:1a:23:
a4:8d:87:f5:35:a8:7e:e0:1a:17:ff:ee:a9:45:fa:e8:cf:79:
24:78:26:88:a4:61:a3:63:3a:60:17:61:91:25:ec:98:10:75:
ac:db:f0:fa:e8:55:d7:97:f3:08:19:17:8f:1c:2c:d5:74:32:
3c:da:5c:0b:b5:91:da:d4:ff:38:ad:c4:31:68:dd:1c:3b:5c:
67:ed:a4:5c:1c:16:ae:b8:4a:d6:43:c5:6e:f4:06:64:e7:2e:
cc:be:c2:43:81:19:65:7f:eb:31:8b:95:da:2e:ff:04:bb:d6:
c5:7e:73:a2:08:d3:65:87:5f:86:b9:ce:a3:23:ce:5d:1c:6c:
14:88:9a:10:e2:b7:1b:ff:ec:5c:0d:74:4a:2b:b1:52:46:46:
e2:3f:9a:d8
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAY61S+aB0kEajI2NpCsXSkgUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjNDU3OWE0MDI4ODI5ZDM3YWNhYzY1ZjY2YzA1NjA2MzI1
MWU1N2UwHhcNMjQwNDA2MjEyMzU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzk3MWNhMWZmYTBmNjQ0MzAwMGI5Mjc0YjFlNjY4NGUyMGQyZWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgPUtsiIx0wnMHGwvMAb9cUZpNYg6
saq8+l9SbHmGltqonJ+On/guCOtwzfyX6QPsg6TPJJXSnJuFJf6ZANPvvp5TWll8
YnjUb5pYSSmqkzbMmhNFva099gVVB8GeL+CdMJAMQUog04D3l5GrdOHng/7eHtI3
vzARVxH7nEA3wx5ksguRDt1cx1OV+PmHMnycLY+gY9GHB9caJgUK90BbDpGNmGFZ
Ces5W5uvIR49t4+HR0rlyYOVxoOCL+DkUAoRktZ3IdP2VkbtFTuc2Qm5kTqDGWtZ
U0dHX+hhT/EZjgF3egfqriDkVPIS0RjX7T55Qgl+MEOfcIFdQFWAiKNn8QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFKyXHKH/oPZEMAC5J0seZoTiDS7rMB8GA1UdIwQY
MBaAFAxFeaQCiCnTesrGX2bAVgYyUeV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREVWNXBBS0lLZE42eXNaZlpzQldCakpSNVg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9lZGFlYjUtNWU2ZS00MTFiLTk5Y2It
M2M1MDE4MDc4MGIwLzEvckpjY29mLWc5a1F3QUxrblN4NW1oT0lOTHVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9lZGFlYjUtNWU2ZS00MTFiLTk5Y2ItM2M1MDE4MDc4MGIw
LzEvREVWNXBBS0lLZE42eXNaZlpzQldCakpSNVg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAUtdHAwQA
wW26MA0EAgACMAcDBQAgAQsYMA0GCSqGSIb3DQEBCwUAA4IBAQB2wZsOO/qo+Nii
TQcrD2VOe+b+9rqaF2MUL7LF5JWC7suNe4IU1Sn5izZ2xecSMineURXst7dQk6rk
FIwZ+At0+/F+izixwZv43QDCm/b0Tm96orZ9usdA9D4Zk/0EbdlqtyJVHmOzNZcI
GiOkjYf1Nah+4BoX/+6pRfroz3kkeCaIpGGjYzpgF2GRJeyYEHWs2/D66FXXl/MI
GRePHCzVdDI82lwLtZHa1P84rcQxaN0cO1xn7aRcHBauuErWQ8Vu9AZk5y7MvsJD
gRllf+sxi5XaLv8Eu9bFfnOiCNNlh1+Guc6jI85dHGwUiJoQ4rcb/+xcDXRKK7FS
RkbiP5rY
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:07 2024 by rpki-client on console-fra.rpki-client.org